Date: Thu, 1 Jan 2015 03:22:45 -0800
Subject: Re: CARP vhid: across interfaces?
From: Freddie Cash
To: Aristedes Maniatis
Cc: freebsd-net

There's a sysctl specifically for this. Not at my computer right now, but
the following should make it jump out at you:

# sysctl -d | grep carp

Cheers,
Freddie

On Jan 1, 2015 3:20 AM, "Aristedes Maniatis" wrote:

> I have two firewalls built with FreeBSD 10.1 which are working nicely.
> Upstream I have two internet links, one going into each firewall. An IP
> address is shared between the two firewalls using CARP. Internally, we have
> another address shared between the firewalls, and set as the default
> gateway for all devices behind.
>
> So far, pretty simple. My question that isn't answered in the FreeBSD
> handbook is what to do with the vhid. If one of the external interfaces
> goes down I want everything to fail over to the secondary firewall. But
> that means the internal and external interfaces should fail over together.
> Should I be doing that by using a single vhid for all interfaces (does that
> bind them together to failover?), or by writing a script to detect the
> failover and then bring down the other interface?
>
> Thanks
> Ari
>
>
> --
> -------------------------->
> Aristedes Maniatis
> ish
> http://www.ish.com.au
> Level 1, 30 Wilson Street Newtown 2042 Australia
> phone +61 2 9550 5001 fax +61 2 9550 4001
> GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A